Privacy- Friendly Eurovision Voting
description
Transcript of Privacy- Friendly Eurovision Voting
Privacy-Friendly Eurovision Voting
Meilof Veeningen (TU/e: Eindhoven University of Technology)
Joint work with: Niels de Vreede (TU/e), Thomas Toft (Aarhus)
Motivation: Eurovision Song Contest
Next Saturday in Copenhagen
Contest between songs from 26 European countries, held since 1956 People from each country vote for the winner
Top-10 countries: 1,2,3,4,5,6,7,8,10,12 points 50% televoting/SMS; 50% “professional jury” Can’t vote for own country Most points win (today: ignore ties)
2008: Russia (Dima Bilan) Meilof Veeningen: Privacy-Friendly Eurovision Voting
Motivation: Eurovision Voting
country1. votes: 1,2,3,4,5,6,7,8,10,12 to … presenter
2.showresults
general publicProblems: - takes ages - countries learn each other’s votes!
2009: Norway (Alexander Rybak) Meilof Veeningen: Privacy-Friendly Eurovision Voting
Eurovision Voting: Requirements
We need a procedure for counting Eurovision votes:
(Performance I) Can be performed within 1.5 hours (Correctness) Anybody can verify the result and correctness of voter’s
inputs (no self-votes, votes 1,2,3,4,5,6,7,8,10,12 to different countries) (Privacy) Don’t know what individial countries voted (Performance II) Needs to be ready before Saturday
Existing solutions: everything except privacy Although we may improve performance in the process…
2010: Germany (Lena) Meilof Veeningen: Privacy-Friendly Eurovision Voting
Eurovision Voting: Our Solution (I)
Need to have a simple solution that is not a lot of work to program SCAPI: offers Damgard-Jurik (Pallier) encryption, (non-interactive) zero
knowledge proofs of encrypted value; AND and OR composition Idea: use MPC based on threshold homomorphic encryption [CDN01] w/Fiat-
Shamir Broadcast threshold homomorphic encryptions of votes Add votes, perform threshold decryption Prove correct voting by countries, correct decryption of output For correct voting, ZK proof of (e.g., for n=3):
(E1->1 OR E2->1 OR E3->1) AND (E1->2 OR E2->2 OR E3->2) AND (E1->3 OR E2->3 OR E3->3)
Multiple zero votes: encode as 0,1,2,3,…,15; encode real votes as 1000,2000,3000,…
2011: Azerbaijan (Ell/Nikki)
Eurovision Voting: Our Solution (II)
country{E_pk(v1),…, E_pk(vn),NIZKPOCV}presenter i
{{E_pk(v1),…,E_pk(vn),NIZKPOCV}_i, dv1,…,dvn,NIZKPOCDs}
general public
This satisfies correctness and privacy (with random oracle, trusted key setup)!
(pk) (threshold sk)
(pk)
2012: Loreen (Sweden)
Demo
Demo
Performance (I)
Can proofs be produced and transmitted within Europe in 1.5 hours?
2013: Denmark (Emmelie de Forest) Meilof Veeningen: Privacy-Friendly Eurovision Voting
10
1
2
3
4
5
6Proof time (s)
260
20000
40000
60000
80000
100000
120000
Proof size (b)
Conclusion & Performance II & Future Work Solution based on SCAPI: ~500 lines of code for proving correctness
of votes
Satisfies Correctness, Privacy, Performance I Performance II (“ready before Saturday”)? Kind of…
Future work: What happens with a tie? Preliminary round: only determine finalists Making the Netherlands win with kleptography?
2014: ? Meilof Veeningen: Privacy-Friendly Eurovision Voting